Re: [exim] Are we being harsh

Top Page
Delete this message
Reply to this message
Author: Marc Perkel
Date:  
To: Ron McKeating
CC: Exim-Users \(E-mail\)
Subject: Re: [exim] Are we being harsh
I'd add the "_" character to your condition. Even though it's not legal
- it's somewhat common.

Ron McKeating wrote:

>We have a complain because we rejected an email that looked like a
>forged hello, here is our log entry
>
>2005-04-02 16:02:44 H=mail1.gov.im (KEWAIGUE.mailsec) [217.23.170.232]
>rejected EHLO or HELO kewaigue.mailsec: Forged HELO: constructed by
>viruses KEWAIGUE.mailsec
>
>the acl we use to check for this is
>
> # Hacked HELO (DOMAIN.com) (constructed by viruses)
>
>  drop    condition     = ${if match \
>                          {$sender_helo_name}{\N^[A-Z0-9]+\.[a-z]+$
>\N}{yes}{no}}          condition     = ${if match \
>                          {$sender_helo_name}{\N^[0-9]+\.[a-z]+$
>\N}{no}{yes}}
>          message       = Hacked HELO: you are not $sender_helo_name
>          log_message   = Forged HELO: constructed by viruses
>$sender_helo_name

>
>
>The user says they have no trouble sending to other sites, we say they
>should set their server up with a proper hello name.
>
>Are we being too harsh ?
>
>Ron
>
>
>